[one-users] Problem with ldap authentication
Tino Vazquez
tinova at opennebula.org
Mon Jun 20 06:34:00 PDT 2011
Hi,
Indeed, this is a bug. I've opened a ticket [1] to keep track of the
solution.
Regards,
-Tino
[1] http://dev.opennebula.org/issues/689
--
Constantino Vázquez Blanco, MSc
OpenNebula Major Contributor
www.OpenNebula.org | @tinova79
On Mon, Jun 20, 2011 at 12:45 PM, Carlos A. <caralla at upv.es> wrote:
> **
> The problem is that in the original one_auth_mad.rb, the code is fine (is
> distinct than the one distributed in the ldap authentication addon).
>
> When I install the ldap addon, the resulting one_auth_mad.rb is the one
> that I was dealing with.
>
> (from the ONE bundle directory just uncompressed)
> $ diff ./src/authm_mad/one_auth_mad.rb
> ../one/tmp/ldap-2.2.0/src/one_auth_mad.rb
> (... license ...)
> 34a37
> > require 'ldap_auth'
> 59c62
> < @authenticate=driver.new
> ---
> > @authenticate=driver.new(@config)
> 65c68
> < @authenticate=SimpleAuth.new
> ---
> > @authenticate=SimpleAuth.new(@config)
> 79c82
> < request_id, 'Successfully authenticated')
> ---
> > request_id, user, token)
> 87,92c90
> < begin
> < auth=@permissions.auth(user_id, tokens.flatten)
> < rescue Exception => e
> < auth="Error: #{e}"
> < end
> <
> ---
> > auth=@permissions.auth(user_id, tokens.flatten)
> 103,108d100
> < begin
> < am=AuthorizationManager.new
> < rescue Exception => e
> < puts "Error: #{e}"
> < exit(-1)
> < end
> 109a102
> > am=AuthorizationManager.new
>
> -----------------------------
>
> You can notice that the line
>
> request_id, 'Successfully authenticated')
>
> has been substituted by the faulty line in the ldap addon
>
> request_id, user, token)
>
> Regards,
> Carlos A.
>
>
> El 20/06/11 12:14, Tino Vazquez escribió:
>
> Hi Carlos,
>
> I am not able to find the code you are referring to, which version of
> OpenNebula are you using?
>
> Regards,
>
> -Tino
>
> --
> Constantino Vázquez Blanco, MSc
> OpenNebula Major Contributor
> www.OpenNebula.org | @tinova79
>
>
> On Thu, Jun 16, 2011 at 5:15 PM, Carlos A. <caralla at upv.es> wrote:
>
>> Hello,
>>
>> I have finally got it:
>>
>> I have found 1 error in lib/mads/one_auth_mad.rb
>>
>> ...
>> def action_authenticate(request_id, user_id, user, password, token)
>> auth=@authenticate.auth(user_id, user, password, token)
>> if auth==true
>> send_message('AUTHENTICATE', RESULT[:success], request_id,
>> user, token)
>> else
>> send_message('AUTHENTICATE', RESULT[:failure],
>> request_id, auth)
>> end
>> end
>> ...
>>
>> the problem is the line
>> send_message('AUTHENTICATE', RESULT[:success], request_id,
>> user, token)
>>
>> where there are 5 parameters while send_message needs only 4. If I leave
>> these 5 parameters, one fails and the one daemon dies, but when I remove the
>> last one (token), it works both for simple and ldap authentication.
>>
>> Neither simple or ldap were working before because of the exception of the
>> "send_message" function.
>>
>> The code that I am using (it works for me) is:
>>
>> ...
>> def action_authenticate(request_id, user_id, user, password, token)
>> auth=@authenticate.auth(user_id, user, password, token)
>> if auth==true
>> send_message('AUTHENTICATE', RESULT[:success], request_id,
>> user)
>> else
>> send_message('AUTHENTICATE', RESULT[:failure], request_id,
>> auth)
>> end
>> end
>> ...
>>
>> Regards,
>> Carlos A.
>>
>>
>>
>> El 16/06/11 13:11, Tino Vazquez escribió:
>>
>> Hi Carlos,
>>
>> Let's try the driver by hand again, but also with the authentication
>> part:
>>
>> # ruby -dw $ONE_LOCATION/lib/mads/one_auth_mad.rb
>> AUTHENTICATE 0 -1 <LDAP_DN> - <LDAP_DN:plain:LDAP_PASSWORD>
>>
>> this will tell if the failure is in the driver or the core.
>>
>> Regards,
>>
>> -Tino
>>
>> --
>> Constantino Vázquez Blanco, MSc
>> OpenNebula Major Contributor
>> www.OpenNebula.org | @tinova79
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20110620/461cf86b/attachment-0003.htm>
More information about the Users
mailing list